[Serusers] 407 Proxy Authentication Required to a subscribed user

Thu May 17 15:24:13 CEST 2007

In pratice,
proxy_authorize function ALWAYS requires INVITE message to have digest
credentials included.

If they lack, proxy_authorize does not check from user into subcriber
table, but sends 407 Authentication Request message: is correct so?

txs,
f.

2007/5/17, SIP <sip at arcdiv.com>:
> Well... if you have an authentication requirement in your INVITE block,
> then you're going to get authentication requests as a response to an
> INVITE.
>
> If you understand this, then, well... then I'm just not sure I
> understand your question.
>
> N.
>
>
>
> flavio wrote:
> > Yes I do, accordig example in Getting Started  (Chapter 7), in order
> > to avoid my SER becomes an open relay.
> > What do you think about?
> >
> > Thanks,
> > f.
> >
> > 2007/5/17, SIP <sip at arcdiv.com>:
> >> Looks like you have an auth request block in your INVITE block.
> >>
> >> Do you?
> >>
> >>
> >>
> >>
> >>
> >> flavio wrote:
> >> > Hi all,
> >> > I'm testing Blind Trasfer with my IP Phones, SER and GW, in this
> >> > scenario:
> >> >
> >> > AnalogPhone (GW) is the Transferee
> >> > IP Phone1, registred to SER, is the Transferor
> >> > IP Phone 2, registred to SER, is the Transfer Target
> >> >
> >> > When the Transferor send INVITE to put on hold the Trasferee, SER
> >> > reply with 407 Proxy Authentication Requrire, as follow reported:
> >> >
> >> > 2007/05/17 12:45:49.370808 10.28.19.124:5060 -> 10.28.19.202:5060
> >> > INVITE sip:06XXXXXX15 at 10.28.19.230 SIP/2.0.
> >> > Via: SIP/2.0/UDP 10.28.19.124;branch=z9hG4bKc442076492fe9954.
> >> > Route: <sip:10.28.19.202;ftag=1c1272914830;lr=on>.
> >> > From: <sip:06XXXXXX14 at 10.28.19.202>;tag=9bb7a2279efa8707.
> >> > To: <sip:06XXXXXX15 at 10.28.19.230>;tag=1c1272914830.
> >> > Contact: <sip:06XXXXXX14 at 10.28.19.124;user=phone>.
> >> > Supported: replaces.
> >> > Call-ID: 127291448221200023114 at 10.28.19.230.
> >> > CSeq: 21593 INVITE.
> >> > User-Agent: Grandstream BT110 1.0.8.12.
> >> > Max-Forwards: 70.
> >> > Allow: INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE.
> >> > Content-Type: application/sdp.
> >> > Content-Length: 206.
> >> > .
> >> > v=0.
> >> > o=0660522014 8000 8001 IN IP4 10.28.19.124.
> >> > s=SIP Call.
> >> > c=IN IP4 0.0.0.0.
> >> > t=0 0.
> >> > m=audio 5004 RTP/AVP 8 18 0.
> >> > a=sendonly.
> >> > a=rtpmap:8 PCMA/8000.
> >> > a=rtpmap:18 G729/8000.
> >> > a=rtpmap:0 PCMU/8000.
> >> > a=ptime:20.
> >> >
> >> > #
> >> > U 2007/05/17 12:45:49.371204 10.28.19.202:5060 -> 10.28.19.124:5060
> >> > SIP/2.0 407 Proxy Authentication Required.
> >> > Via: SIP/2.0/UDP 10.28.19.124;branch=z9hG4bKc442076492fe9954.
> >> > From: <sip:06XXXXXX14 at 10.28.19.202>;tag=9bb7a2279efa8707.
> >> > To: <sip:06XXXXXX15 at 10.28.19.230>;tag=1c1272914830.
> >> > Call-ID: 127291448221200023114 at 10.28.19.230.
> >> > CSeq: 21593 INVITE.
> >> > Proxy-Authenticate: Digest realm="10.28.19.202",
> >> > nonce="464c4fa95f251088d01666190944e53313bab22e".
> >> > Server: Sip EXpress router (0.9.6 (i386/linux)).
> >> > Content-Length: 0.
> >> > Warning: 392 10.28.19.202:5060 "Noisy feedback tells:  pid=15940
> >> > req_src_ip=10.28.19.124 req_src_port=5060
> >> > in_uri=sip:0660522015 at 10.28.19.230 out_uri=sip:0660522015 at 10.28.19.230
> >> > via_cnt==1".
> >> >
> >> > My question is: why SER reply with an authentication request to
> >> > INVITE, if the Transferor party is a registred user? Have you any
> >> > suggestion about?
> >> >
> >> > I verify user subscribtion in my ser.cfg file as follow:
> >> >
> >> > if (!allow_trusted()) {
> >> > if (!proxy_authorize("","subscriber")) {
> >> > proxy_challenge("","0");
> >> > break;
> >> > } else if (!check_from()) {
> >> > sl_send_reply("403", "Use From=ID");
> >> > break;
> >> > };
> >> > consume_credentials();
> >> > }
> >> >
> >> > Thanks for support,
> >> >
> >> > Flavio
> >> >
> >> >
> >>
> >>
> >
> >
>
>

-- 
********************************
* (o<     ing. Patria Flavio
* //\      phone 0823451358
* V_/_  mobile 3407873357
*
********************************